AppArmor is able to restrict what programs can do and access based on policies for those programs.

See AppArmor in the Debian Wiki.

By default (e.g. when auditd is not installed), AppArmor log messages are sent via syslog to the kernel facility, which usually ends up in /var/log/kern.log.
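
To review what AppArmor denied from those kernel log lines, the following added example (not part of this role) parses the audit key=value pairs and counts denials per profile, including names the kernel writes as unquoted hex because they contain spaces. The sample lines are constructed, and the function names `parse_event` and `summarize_denials` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the usual kern.log shape (not real log data).
SAMPLE_KERN_LOG = """\
Jan 10 12:00:01 host kernel: [ 101.000001] audit: type=1400 audit(1484049601.123:40): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ssl/openssl.cnf" pid=812 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 10 12:00:05 host kernel: [ 105.000002] audit: type=1400 audit(1484049605.456:41): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/tmp/scratch" pid=900 comm="example" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Jan 10 12:00:09 host kernel: [ 109.000003] audit: type=1400 audit(1484049609.789:42): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name=2F7661722F6C69622F6D7920646972 pid=812 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 10 12:00:10 host kernel: [ 110.000004] eth0: link up
"""

# key="quoted value" or key=bare_value
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# String fields the kernel hex-encodes (unquoted) when they hold spaces or
# other characters that are unsafe to print inside quotes.
HEX_FIELDS = {"name", "profile", "comm"}


def parse_event(line):
    """Return the audit fields of an AppArmor log line, or None for other lines."""
    if 'apparmor="' not in line:
        return None
    event = {}
    for key, quoted, bare in PAIR.findall(line):
        if not bare:
            event[key] = quoted
        elif key in HEX_FIELDS:
            try:
                event[key] = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                event[key] = bare  # not valid hex, keep the raw token
        else:
            event[key] = bare
    return event


def summarize_denials(log_text):
    """Count DENIED events by (profile, operation, name, denied_mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_event(line)
        # "ALLOWED" events come from complain mode and are not counted here.
        if event and event.get("apparmor") == "DENIED":
            counts[tuple(event.get(k) for k in
                         ("profile", "operation", "name", "denied_mask"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE_KERN_LOG).most_common():
        print(n, *key)
```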


This role requires at least Ansible v2.1.3. To install it, run:

ansible-galaxy install debops-contrib.apparmor